Prosumer network supplier Ubiquiti had a data leak
Source: Hardware Luxx added 12th Jan 2021Ubiquiti, manufacturer of prosumer network hardware (and also monitoring systems and other products connected to the network), has informed its users that there may have been a data leak and account data
The data could have flowed from an external cloud provider where unauthorized access took place. It cannot be determined with certainty whether data actually flowed out. To mitigate the potential risk, users with a Ubiquiti account should change their password and activate 2FA authentication.
The mail from Ubiquiti is as follows:
“Dear Customer,
We recently became aware of unauthorized access to certain of our information technology systems hosted by a third party cloud provider. We have no indication that there has been unauthorized activity with respect to any user’s account.
We are not currently aware of evidence of access to any databases that host user data, but we cannot be certain that user data has not been exposed. This data may include your name, email address, and the one-way encrypted password to your account (in technical terms, the passwords are hashed and salted). The data may also include your address and phone number if you have provided that to us.
As a precaution, we encourage you to change your passw ord. We recommend that you also change your password on any website where you use the same user ID or password. Finally, we recommend that you enable two-factor authentication on your Ubiquiti accounts if you have not already done so.
We apologize for, and deeply regret, any inconvenience this may cause you. We take the security of your information very seriously and appreciate your continued trust.
Thank you,
Ubiquiti Team “
If account data were actually retrieved, these contain names , E-mails, addresses and telephone numbers. The passwords should be stored in encrypted form – however, it is advisable to exchange them As part of our article on building a home network for enthusiasts, we examined the most important aspects in more detail.
A personal touch and a bland aftertaste
As the author of the article on building a home network for enthusiasts and everyday users of UniFi hardware, the mail from Ubiquiti caught me on the wrong foot. Ubiquiti describes its products with the requirement that e Having your own network and WLAN completely under your own control. This suggests a certain security. Online accounts are now standard with various router providers and sometimes even have to be set up so that access to the user interface is possible.
In the end, unfortunately, you have to say: So completely under control you don’t have your data, because you give up part of the control as soon as an online component is added. This is also the case with Ubiquiti and I was well aware of this when the account was created. Since not only the home network, but also networks at other locations should be monitored and controlled, setting up the account was obviously the necessary way. This step should perhaps be reconsidered.